Oops... there is a typo in the para given below. The implementation is such that it switches to effective euid of *user.privileged* as configured ....
Mayuresh Mayuresh Nirhali wrote: > Yes, thats exactly why I ask. > The implementation is such that it switches to effective euid of > *user.privileged* as configured (per the proposed solution for the > vanilla configuration as 'root') just before attempting a task that > needs privileges and switches back to notprivileged uid immediately > after the task/operation is over. I am not very sure how vulnerable > the setup would be to attacks, if euid is root during the privileged > operation?? > > Mayuresh >
